Fresh MOVEit Bug Under Attack Mere Hours After Disclosure

June 25, 2024 at 05:59PM
A critical security flaw in Progress Software’s MOVEit Transfer enables attackers to bypass authentication protocols and has been actively exploited shortly after being disclosed. The vulnerability, CVE-2024-5806 with CVSS 7.4, affects specific versions of MOVEit Transfer. Urgent patching is recommended due to the potential for cybercriminal exploitation and compromise of …

CISA Warns of Progress Telerik Vulnerability Exploitation

June 14, 2024 at 06:39AM
CISA warns federal agencies of ongoing exploitation of CVE-2024-4358, a recently patched authentication bypass vulnerability in Progress Software’s Telerik Report Server. The bug allows attackers to create a new administrator user, manipulate authentication tokens, and achieve remote code execution. CISA urges identifying and mitigating vulnerable instances within three weeks. Key …

Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts

June 4, 2024 at 11:07AM
Progress Software has released updates to address a critical security flaw in Telerik Report Server, allowing potential bypass of authentication and creation of rogue administrator users. Tracked as CVE-2024-4358, the flaw carries a high CVSS score of 9.8. Users are urged to update to version 2024 Q2 and review user …

Progress Patches Critical Vulnerability in Telerik Report Server

June 4, 2024 at 08:39AM
A critical vulnerability (CVE-2024-4358, CVSS 9.8) in Progress Software’s Telerik Report Server allows remote attackers to bypass authentication, creating an admin user. An exploited deserialization flaw (CVE-2024-1800) enables remote code execution. Progress addressed both vulnerabilities in version 2024 Q1 (10.0.24.305). Users should update promptly to prevent exploitation. Based on the …

Exploit for critical Progress Telerik auth bypass released, patch now

June 3, 2024 at 02:01PM
Researchers have demonstrated a chained remote code execution vulnerability on Progress Telerik Report Servers. The exploit, developed by Sina Kheirkhah with assistance from Soroush Dalili, involves an authentication bypass and a deserialization issue. Urgent updates (Telerik Report Server 2024 Q2 10.1.24.514 or later) are recommended. Progress Software’s history warrants prompt action …

University System of Georgia Says 800,000 Impacted by MOVEit Hack

May 8, 2024 at 06:24AM
The University System of Georgia informs 800,000 individuals about the compromise of their personal and financial data in the May 2023 MOVEit hack. The data breach, linked to a ransomware group, affects over 2,000 organizations and around 60 million individuals. USG is offering affected individuals one year of free credit …

Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems

April 4, 2024 at 08:30AM
Progress Software has released patches for a critical vulnerability in its widely used network monitoring and security solution, Flowmon, which could allow remote, unauthenticated attackers to gain access to systems. Tracked as CVE-2024-2389 with the highest severity rating, the bug was fixed in versions 11.1.14 and 12.3.5. Users should update …

Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability

March 11, 2024 at 02:45AM
A critical security flaw (CVE-2024-1403) in Progress Software OpenEdge Authentication Gateway and AdminServer allows unauthorized access by bypassing authentication protections. Exploit specifics and technical details have been disclosed; the flaw carries a severity rating of 10.0. It is addressed in OpenEdge LTS Update 11.7.19, 12.2.14, and 12.8.1. Horizon3.ai released a proof-of-concept, identifying potential remote code execution …

MOVEit victim count latest: 2.6K+ orgs hit, 77M+ people’s data stolen

November 20, 2023 at 03:50PM
Progress Software’s MOVEit file transfer application has been exploited by the Russian ransomware group Clop, impacting 2,620 organizations and over 77 million individuals. Avast, the antivirus company, is among the victims, with 3 million customers’ information reportedly leaked on a hacking forum. Welltok, a patient communication services provider, has also …

Royal Mail cyber security still a mess, say infosec researchers

November 13, 2023 at 01:32AM
The UK’s Royal Mail has been found to have an open redirect flaw on one of its websites, which potentially exposes customers to malware infections and phishing attacks. The vulnerability allows attackers to use the legitimate website to redirect users to malicious sites. The Royal Mail has been notified of …